Blog

Smart Cities, Part II: Why all Concepts will Fail without Indestructible Security Measures

Posted by Sarah Kamrau|
January 29, 2016

The sustainable development of urban areas requires new, efficient, and user-friendly technologies and services, in particular in the areas of energy, transport and ICT. New IoT technologies have the power to be applied to seemingly unlimited devices and appliances and to truly meet the demands of a growing urban population competing for limited city resources. In fact, IoT will play a huge role in transforming the way people experience urban living, at their homes, at the office and everywhere in between. It will be interesting to see how this technology will provide sustainable answers to pressing urban issues.

Transforming cities into a broad, never-ending stream

n the city of Paris, France, the average resident spends an estimated four years of their life looking for parking. New applications that allow citizens to log into the city app to find parking or even reserve and pay for that spot in advance, as well as reports on traffic management, are a key to easing traffic congestion in a smart city. So a vision is slowly come into existence – in France and worldwide. Another example: In the EU ten million super-smart street lamps are planned to be installed as soon as possible, which should not only save electricity, but also serve as a data collector: Which temperature is at the application place? How dirty is the air? How many cars drive past? And who are the people who pass by here? Are they following their usual rut, or are they particularly frantic, are they nervous?

But with the increasing degree of networking also increases the dependence and vulnerability of technologies. For future concepts it is therefore indispensable to protect critical infrastructure against potential attackers and disorders. Because what happens if unauthorized people gain control over a smart street lamp or an autonomous vehicles in a city and sabotage it? The consequences can range from simple data breaches up to life-threatening situations.

Would it be possible to gain remote control access to a whole city infratructure?

The Prime Tower in Zurich is one of the most expensive construction projects in Switzerland and has become a landmark of the city. The tower is a so-called smart building, means a comprehensively networked and intelligent building. But recently the tower is cause for concerns as it is possible for theoretically everybody to open a web application on the Internet, which is serving as an administration tool for the whole parking deck of the Prime Tower. Thanks to the application it is easy to determine precisely when and for how long a parking lot is or was used – retrospectively for several months. The German website Golem.de examined the parking data of several months and revealed that can be determined quite accurately by data from the past, when a parking lot will be empty and when it probably will be occupied again – Big Data on a small scale.

The web application is primarily designed for internal networks. It allows the entire control of the parking decks, for example also of barriers, parking lights or parking reservations. There is also an event log, where one can initiate certain actions, such as blocking the ticket button. These functions are visible but require a login. But it is no secret at all, that these login data could be determined through so-called brute force attacks, with simple sequential attempts. It could also be possible to use default passwords of the manufacturer to take control. A more aggressive approach would be the excessive demands of the relevant services, as means by DoS or DDoS attacks. At worst, the entire parking garage would be inoperable. Recently, the web application has no longer a public IP address. So the external access to the web application is now blocked – fortunately! Also the developers of IoT infrastructures like Kontron already work on adequate solution which should offer maximum safety and connectivity so there is great hope that such situation can be avoided in the future.

Reasoned skepticism must be taken seriously

When it comes to IoT security the big question is, which organization controls the center where all the strands of information run together. Is it the city management or the IT companies which make the intelligent city possible in the first place? Despite all the Smart City hype, there is a reasoned skepticism especially in Europe about US manufacturers and the lax privacy rules in the US. For this reason, the security of data and privacy in a smart city should not be underestimated. The participation of citizens cannot be forced by pressing a button – and without them the concept of Smart Cities would most likely fail.

Thank you!

An error occured on subscribing!:
{{cCtrl.addCommentSubscribeErrorMsg}}

{{comment.name}}

{{comment.date.format('MMMM DD, YYYY')}}

{{comment.comment}}

There are no comments yet.

About Kontron

Kontron is a global leader in embedded computing technology (ECT). As a part of technology group S&T, Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications. With its standard products and tailor-made solutions based on highly reliable state-of-the-art embedded technologies, Kontron provides secure and innovative applications for a variety of industries. As a result, customers benefit from accelerated time-to-market, reduced total cost of ownership, product longevity and the best fully integrated applications overall.

Kontron is a listed company. Its shares are traded in the Prime Standard segment of the Frankfurt Stock Exchange and on other exchanges under the symbol "KBC".